Patch known vulnerability in Docker image #269

Closed
wongannaw opened this issue Oct 19, 2020 · 4 comments

Comments

@wongannaw
Contributor

Bug description

Running trivy image scanning against the image for http-configurable-proxy results in two vulnerabilities found.

Expected behavior

0 vulnerabilities

Actual behavior

trivy image --ignore-unfixed --light jupyterhub/configurable-http-proxy:latest > out.txt

Results in: out.txt showing 2 vulnerabilities

How to reproduce

  1. Install trivy
  2. Run docker pull jupyterhub/configurable-http-proxy:latest
  3. Run trivy image --ignore-unfixed jupyterhub/configurable-http-proxy:latest > out.txt

Your personal set up

  • OS: MacOS
  • Version: jupyterhub/configurable-http-proxy:latest
  • Configuration: No configuration
@welcome

welcome bot commented Oct 19, 2020

Thank you for opening your first issue in this project! Engagement like this is essential for open source projects! 🤗

If you haven't done so already, check out Jupyter's Code of Conduct. Also, please try to follow the issue template as it helps other community members to contribute more effectively.
You can meet the other Jovyans by joining our Discourse forum. There is also an intro thread there where you can stop by and say Hi! 👋

Welcome to the Jupyter community! 🎉

@wongannaw
Contributor Author

Adding out.txt output below:

2020-10-19T10:18:40.356-0500	WARN	You should avoid using the :latest tag as it is cached. You need to specify '--clear-cache' option when :latest image is changed
2020-10-19T10:18:40.393-0500	INFO	Detecting Alpine vulnerabilities...
2020-10-19T10:18:40.394-0500	INFO	Detecting nodejs vulnerabilities...

jupyterhub/configurable-http-proxy:latest (alpine 3.11.6)
=========================================================
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 2, CRITICAL: 0)

+-----------+------------------+----------+-------------------+---------------+
|  LIBRARY  | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |
+-----------+------------------+----------+-------------------+---------------+
| libgcc    | CVE-2019-15847   | HIGH     | 9.2.0-r4          | 9.3.0-r0      |
+-----------+                  +          +                   +               +
| libstdc++ |                  |          |                   |               |
+-----------+------------------+----------+-------------------+---------------+

srv/configurable-http-proxy/package-lock.json
=============================================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)


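The scan output above is what a CI job would have to act on, so here is an added example (not code from this thread or from the configurable-http-proxy project) that parses trivy's table as printed, including the merged cells trivy draws when one CVE spans several packages (libgcc and libstdc++ here), and decides whether the build should fail. The sample text is a constructed copy of the table quoted in the comment; the gating policy (fail on HIGH or CRITICAL) and all function names are assumptions.

```python
"""Parse trivy's table output and gate a build on fixable HIGH/CRITICAL findings.

Added illustration; not the project's own code. SAMPLE_SCAN is a constructed
copy of the table quoted in the issue, the gating policy is an assumption.
"""
from dataclasses import dataclass
import re

SAMPLE_SCAN = """\
jupyterhub/configurable-http-proxy:latest (alpine 3.11.6)
=========================================================
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 2, CRITICAL: 0)

+-----------+------------------+----------+-------------------+---------------+
|  LIBRARY  | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |
+-----------+------------------+----------+-------------------+---------------+
| libgcc    | CVE-2019-15847   | HIGH     | 9.2.0-r4          | 9.3.0-r0      |
+-----------+                  +          +                   +               +
| libstdc++ |                  |          |                   |               |
+-----------+------------------+----------+-------------------+---------------+

srv/configurable-http-proxy/package-lock.json
=============================================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
"""


@dataclass(frozen=True)
class Finding:
    target: str
    library: str
    vuln_id: str
    severity: str
    installed: str
    fixed: str


def parse_trivy_table(text):
    """Return one Finding per table row, across all targets in the report."""
    findings = []
    lines = text.splitlines()
    target, header, previous = None, None, None
    for i, line in enumerate(lines):
        # A target name is the line directly above a run of '=' characters.
        if i + 1 < len(lines) and re.fullmatch(r"=+", lines[i + 1]):
            target, header, previous = line.strip(), None, None
            continue
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if cells[0] == "LIBRARY":
            header = cells
            continue
        if header is None:
            continue
        # trivy draws a merged cell by replacing the dashes in the separator
        # line above with spaces; only those columns inherit the row above.
        prev_line = lines[i - 1] if i > 0 else ""
        if prev_line.startswith("+"):
            segs = prev_line.strip().strip("+").split("+")
            merged = [seg.strip() == "" for seg in segs]
        else:
            merged = [False] * len(cells)
        if previous is not None:
            cells = [p if (m and not c) else c
                     for c, p, m in zip(cells, previous, merged)]
        previous = cells
        row = dict(zip(header, cells))
        findings.append(Finding(
            target=target,
            library=row["LIBRARY"],
            vuln_id=row["VULNERABILITY ID"],
            severity=row["SEVERITY"],
            installed=row["INSTALLED VERSION"],
            fixed=row["FIXED VERSION"],
        ))
    return findings


def gate(findings, fail_on=("CRITICAL", "HIGH")):
    """Return (ok, blocking): ok is False when any finding has a blocking severity."""
    blocking = [f for f in findings if f.severity in fail_on]
    return (not blocking, blocking)


if __name__ == "__main__":
    found = parse_trivy_table(SAMPLE_SCAN)
    ok, blocking = gate(found)
    for f in blocking:
        print(f"{f.target}: {f.library} {f.installed} -> {f.fixed} "
              f"({f.vuln_id}, {f.severity})")
    raise SystemExit(0 if ok else 1)
```

Run as a script it prints both blocking rows and exits 1, which is the behaviour a CI step wants; parsing the table rather than relying on `Total:` keeps the package name and fixed version, so the failure message already says which base-image packages need to move to 9.3.0-r0.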
@wongannaw
Contributor Author

Fixed by #270

@consideRatio
Member

The title isn't reflecting the issue though!

@consideRatio consideRatio changed the title CI: Automatic hub image scanning using trivy Patch known vulnerability in Docker image Oct 20, 2020